OA16219A - Account risk management and authorization system for preventing unauthorized usage of accounts.


Info

Publication number
OA16219A
Authority
OA
OAPI
Prior art keywords
account
account holder
transaction
approval criteria
authorization
Prior art date
Application number
OA1201000215
Inventor
Craig Patrick Kilfoil
Original Assignee
Tranwall Holdings Ltd.
Filing date
Publication date
Application filed by Tranwall Holdings Ltd.

Abstract

The invention provides a system for maintaining approval criteria of one or more accounts as determined by an account holder, said system including a server capable of maintaining the approval criteria of an account over its lifecycle, a server capable of determining whether a transaction against an account is permissible based on a set of account holder selected approval criteria, an interface accessible over a local or wide area network configured to permit an issuer system to request permission to proceed with its own authorization processing upon receipt of an authorization request against an account, an interface accessible over a local or wide area network configured to permit an account holder or an authorized account operator to instruct the server to allow or disallow transactions based on the variable approval criteria selected by the account holder, and a system for authenticating a user prior to permitting operations to be processed on the server in response to commands from the account holder.

Description

The invention relates to a system which allows account holders, account providers or an authorized account operator to prevent unauthorized usage of an account.
Background to the Invention
Definitions:
"Accounts" refer to money accounts such as savings accounts, call accounts, cheque accounts, current accounts, association branded or proprietary credit or debit card accounts, accounts with a merchant or a service provider which reflect a monetary value;
Presently, a significant amount of fraud is perpetrated through unauthorized access to accounts including bank accounts and card accounts, the majority as a result of stolen identity credentials and credit or debit cards being copied or "skimmed".
While financial institutions, credit card associations and card issuers have deployed authentication security systems to prevent unauthorized access to payment instruments, many are ineffective and others costly to implement. For example, Smart Cards, recognized as the most secure card payment technology to prevent card skimming, while effective are costly.
It is further believed that a significant amount of internet banking fraud and card fraud is committed as a result of log-in credentials or payment card details being compromised and thereafter used to transfer funds or for internet purchases, for unauthorized mail-order telephone-order purchases and card-present fraud.
Thus, there exists a need to increase the security on payment instruments and accounts that allow the account holder remote access to an authorization system through a simple and affordable method using devices and channels readily accessible to most account holders.
It is believed that these and other deficiencies in internet banking, payments systems, banking systems and the card payments industry are addressed by the present invention.
Summary of the Invention
According to a first aspect of the invention, there is provided a system for maintaining approval criteria of one or more accounts as determined by an account holder or account provider, said system including:
- a server capable of maintaining the approval criteria of an account over its lifecycle;
- a server capable of determining whether a transaction against an account is permissible based on a set of pre-selected approval criteria;
- an interface accessible over a local or wide area network configured to permit an issuer system to request permission to proceed with its own authorization processing upon receipt of an authorization request against an account;
- an interface accessible over a local or wide area network configured to permit an account holder or an authorized account operator to instruct the server to allow or disallow transactions based on the variable approval criteria selected by the account holder; and
- a system for authenticating a user prior to permitting operations to be processed on the server in response to commands from the account holder.
According to a second aspect of the invention, there is provided a system which accepts instructions from account holders for conditionally allowing access to, or authorization to deduct funds from, one or more accounts, said system including:
- a server capable of determining whether a transaction against an account is permissible based on a set of account selected approval criteria;
- an interface accessible over a local or wide area network configured to permit an issuer system to request permission to proceed with its own authorization processing upon receipt of an authorization request against an account;
- an interface accessible over a local or wide area network configured to permit an account holder or an authorized account operator to instruct the server to allow or disallow transactions based on the variable approval criteria selected by the account holder;
- a system for authenticating a user prior to permitting operations to be processed on the server in response to commands from the account holder; and
- a system and interface allowing the account holder or an authorized account operator to query and change the approval criteria.
Thus, in an embodiment, the invention provides an internet website through the use of which account holders or card holders can instruct the server.
In an embodiment, the invention provides an administration interface through the use of which account providers can instruct the server.
Thus, for example, the invention may permit the account holder or account provider to set transaction limits such as maximum values, maximum counts, all of, some or none based on defined approval criteria.
The wide area network may thus be the world wide web, a mobile telecommunication network, and the like.
The invention extends to permitting an account holder to modify the approval criteria of the financial account via a mobile device.
The invention extends further to a system for controlling the approval criteria for an account, the system comprising:
- a secure internet website and/or internet banking website;
- access points that accept messages from mobile phones via various channels including:
  - WAP (Wireless Application Protocol)
  - USSD (Unstructured Supplementary Service Data)
  - SMS / Text (Short Message Service)
  - MMS (Multimedia Message Service)
  - STK (SIM Application Toolkit)
  - WIG (Wireless Internet Gateway)
  - Smartphone application;
- an IVR (Interactive Voice Response) system; and
- optionally, one or more of the following:
  - an application running on a financial point-of-sale, self service or ATM terminal;
  - an authentication system to validate the identity of the true user / owner of an account;
  - an interface to an external authentication system to validate the identity of the true user / owner of an account;
  - an interface for the system to generate messages to the account holder relating to the approval criteria of the account;
  - message notifications to account holders as a result of authorized or unauthorized transactions allowed against the account based on the approval criteria; and
  - a switching mechanism to stand between external authorization interfaces and an account system.
- an administration interface internal to or external to the account provider.
The system may be configured to originate a message to the account holder based on the transaction success or failure relative to approval criteria selected by the account holder.
The system may generate a request to the account holder upon declining a transaction authorization, to allow for alteration of approval criteria to allow approval of a further authorization attempt against the account based on a previously declined transaction.
The account holder may reply from an access device with a PIN or password which is validated by the system.
The invention further provides a method for the account holder or an authorized account operator to configure the system to automatically control authorizations in reaction to predetermined events or activities on the account.
Thus, for example, the account holder or an authorized account operator may configure the system to selectively authorize or decline transactions or alter the approval criteria, if one or more of the following events occur:
- effluxion of a pre-selected time period;
- attempt from an external system to process an unexpected transaction;
- a pre-selected volume of transactions;
- when a transaction exceeds a certain monetary value;
- transactions originating from the Internet; and/or
- transactions received from merchant pre-selected types that fall into a category selected by the account holder, such as alcohol, adult content and/or pharmaceuticals;
- when a transaction is below a certain monetary value;
- when a transaction is from a certain country, continent or region;
- when the transaction is processed in a certain currency;
- within certain date/time parameters; and
- based on a particular balance or balance available on account.
An embodiment of the invention provides for the system to originate a message to the account holder or an authorized account operator suggesting a transaction was declined from a certain payee, allowing the account holder to reconfigure the approval criteria so as to permit the next identical transaction if represented by the payee.
Description of Embodiments of the Invention
The invention is described hereunder by way of an example which is not intended to limit the scope of the invention but only to provide an example of how the invention might be put into practice.
Technical Architecture A - Process flow of Account Permission System
In Architecture A shown in Figure 1 below, the Account Permission System acts as an authorization system that allows the account system to check whether the account holder has granted permission for the transaction to be approved before it performs its own authorization processing.
Account holder accesses an Internet website or sends a message from a supported device, including e-Mail, Mobile Phone, Telephone or PDA to change permissions on the account.
The Account Permission System validates the identity of the account holder or the account holder device sending the message. The Account Permission System records the change in account permissions.
Optionally, the Account Permission System communicates with the account holder as to the status of permissions on the account and/or transactional activity on the account.
Account holder is notified via the chosen channel of communications including e-Mail and/or SMS.
When a financial authorization hits the account system, it first presents the data to the Account Permission System to check account holder permissions, before processing its own authorization logic. The account system may choose to decline the authorization immediately upon response from the Account Permission System indicating that the permissions do not allow for the authorization to be approved.
The presentation of each authorization request to the Account Permission System allows the system to calculate velocities and other metrics that it may use as input to the approval criteria.
Technical Architecture B - Process flow Account Permission System
In Architecture B shown in Fig 2, the Account Permission System intercepts authorization messages between external interfaces and the account system.
Account holder accesses an Internet website or sends a message from a supported device, including e-Mail, Mobile Phone, Telephone or PDA to change permissions on the account.
The Account Permission System validates the identity of the account holder or the account holder device sending the message. The Account Permission System records the change in account permissions.
Optionally, the Account Permission System communicates with the account holder as to the status of permissions on the account and/or transactional activity on the account.
Optionally, the Account holder is notified via the chosen channel of communications including e-Mail and/or SMS.
When a financial authorization hits the Account Permission System, it first checks account permissions, before passing the authorization to the account system for authorization. The Account Permission System may choose to decline the authorization immediately upon finding that the permissions do not allow for the authorization to be approved.
The presentation of each authorization request to the Account Permission System allows the system to calculate velocities and other metrics that it may use as input to the approval criteria.
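The permission check that precedes the issuer's own authorization in Architectures A and B, as an added Python example (it is not part of the patent or of any Tranwall implementation). Class, field and reason names are assumptions, as is letting accounts with no stored criteria pass through to the issuer's own authorization; timestamps are assumed to arrive in order.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional

@dataclass
class Criteria:
    """Account-holder selected approval criteria (field names are assumed)."""
    max_amount: Optional[float] = None
    blocked_mccs: frozenset = frozenset()          # merchant category codes
    allowed_countries: Optional[frozenset] = None  # None means any country
    allow_internet: bool = True
    max_count: Optional[int] = None                # velocity limit per window
    window_s: int = 3600

@dataclass
class AuthRequest:
    account: str
    amount: float
    mcc: str
    country: str
    internet: bool
    ts: int  # epoch seconds

class PermissionSystem:
    def __init__(self):
        self.criteria = {}   # account -> Criteria
        self.history = {}    # account -> deque of request timestamps

    def set_criteria(self, account, criteria):
        # The caller must already have authenticated the account holder.
        self.criteria[account] = criteria

    def check(self, req):
        """Return (permitted, reason) for one presented authorization request."""
        c = self.criteria.get(req.account)
        if c is None:
            return True, "not enrolled"
        # Every presented request is recorded, permitted or not, so the
        # velocity metric counts attempts rather than approvals.
        seen = self.history.setdefault(req.account, deque())
        seen.append(req.ts)
        while seen and seen[0] <= req.ts - c.window_s:
            seen.popleft()
        if c.max_count is not None and len(seen) > c.max_count:
            return False, "velocity"
        if c.max_amount is not None and req.amount > c.max_amount:
            return False, "amount"
        if req.mcc in c.blocked_mccs:
            return False, "merchant category"
        if c.allowed_countries is not None and req.country not in c.allowed_countries:
            return False, "country"
        if req.internet and not c.allow_internet:
            return False, "internet"
        return True, "permitted"

def authorize(permission_system, req, issuer_logic):
    """Decline at once when permissions forbid it, else run the issuer's logic."""
    permitted, reason = permission_system.check(req)
    if not permitted:
        return "DECLINED", reason
    return ("APPROVED", reason) if issuer_logic(req) else ("DECLINED", "issuer")
```

Because declined attempts also count toward the velocity window, a burst of rejected requests can block a later legitimate one until the window expires; the reason string is what a notification to the account holder would report.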

Claims (10)

  1. A system for maintaining the approval criteria of one or more accounts as determined by the account holder, account provider or an authorized account operator, said system including:
    - a server capable of maintaining the approval criteria of an account over its lifecycle;
    - a server capable of determining whether a transaction against an account is permissible based on a set of account holder selected approval criteria;
    - an interface accessible over a local or wide area network configured to permit an issuer system to request permission to proceed with its own authorization processing upon receipt of an authorization request against an account;
    - an interface accessible over a local or wide area network configured to permit an account holder or an authorized account operator to instruct the server to allow or disallow transactions based on the variable approval criteria selected by the account holder; and
    - a system for authenticating a user prior to permitting operations to be processed on the server in response to commands from the account holder.
  2. A system as claimed in claim 1, which system enables the account holder or an authorized account operator to carry out maintenance of the approval criteria on an account, the system including:
    - a secure internet website and/or internet banking website.
  3. A system as claimed in claim 1 or claim 2, including access points that accept messages from mobile phones via various channels selected from the group including:
    • WAP (Wireless Application Protocol);
    • USSD (Unstructured Supplementary Service Data);
    • SMS / Text (Short Message Service);
    • MMS (Multimedia Message Service);
    • STK (SIM Application Toolkit);
    • WIG (Wireless Internet Gateway); and
    • Smartphone application.
  4. A system as claimed in any one of the preceding claims, including an IVR (Interactive Voice Response) system.
  5. A system as claimed in any one of the preceding claims, including an authentication system to validate the identity of the owner of an account.
  6. A system as claimed in any one of the preceding claims, including a switching mechanism interposed between external authorization interfaces and an account system.
  7. A system as claimed in any one of the preceding claims, which system is configured to originate a message to the account holder based on the transaction success or failure relative to approval criteria selected by the account holder.
  8. A system as claimed in any one of the preceding claims, wherein the system generates a request to the account holder upon declining a transaction authorization, to allow for alteration of approval criteria to allow approval of a further authorization attempt against the account based on a previously declined transaction.
  9. A system as claimed in any one of the preceding claims, wherein the account holder replies from an access device with a PIN or password which is validated by the system.
  10. A method for an account holder, account provider or an authorized account operator to configure a system as claimed in any one of the preceding claims to automatically change the approval criteria of an account in reaction to predetermined events or activities on the account, the method including setting the predetermined events or activities to one or more of the following:
    - effluxion of a pre-selected time period;
    - attempt from an external system to process an unexpected transaction;
    - a pre-selected volume of transactions;
    - pre-selected types of merchants based on the merchant category code;
    - when a transaction is below a certain monetary value;
    - when a transaction exceeds a certain monetary value;
    - when a transaction is from a certain country, continent or region;
    - when the transaction is processed in a certain currency;
    - within certain date/time parameters;
    - where the transaction originates from an Internet purchase; and
    - based on a particular balance or balance available on account.
OA1201000215 2007-12-11 Account risk management and authorization system for preventing unauthorized usage of accounts. OA16219A (en)

Publications (1)

Publication Number Publication Date
OA16219A (en) 2015-04-10

Similar Documents

Publication Publication Date Title
US20110016049A1 (en) Account risk management and authorization system for preventing unauthorized usage of accounts
US10902397B2 (en) Interoperable financial transactions via mobile devices
US20180089662A1 (en) Method of processing payment transactions
KR101695201B1 (en) Transaction system and method
US20230259927A1 (en) Secure account creation
US7766223B1 (en) Method and system for mobile services
US10592902B2 (en) Systems and methods for enhanced transaction processing
US20160180305A1 (en) Payment Method Linked To A Mobile Number
US20150095240A1 (en) Card account identifiers associated with conditions for temporary use
WO2001055983A1 (en) Banking system with enhanced utility
US20150095239A1 (en) Card account identifiers associated with conditions for temporary use
KR101014685B1 (en) Method for Processing Transaction Approval using Customer Mobile Phone and Recording Medium
US10623275B1 (en) Network operational decision engine
KR20100027679A (en) System for processing transaction approval using customer mobile phone
Otor et al. An improved security model for nigerian unstructured supplementary services data mobile banking platform
WO2006004441A2 (en) Electronic banking
CA2865798A1 (en) Card account identifiers associated with conditions for temporary use
OA16219A (en) Account risk management and authorization system for preventing unauthorized usage of accounts.
EP2357598A2 (en) Systems and methods for enhanced transaction processing
BEAMS et al. AUTOPAYMENTS VIA ACCOUNT ABSTRACTION
WO2010146416A1 (en) Account risk management and authorization system for preventing unauthorized usage of accounts
Bihari Mobile Banking in India-Your Money in Your Pocket
KR20040069920A (en) Method and system of processing an additional card settlement approval using a number selection of the cellular phone